不要在表单提交时转义特殊字符
我有一个通过 GET 提交的表单,其中一个隐藏字段提交类别 ID 列表,以逗号 (1,2,3) 分隔。
当 get 查询到达它要去的页面时,逗号会被 %2C 转义。
我无法对解析这些值的 PHP 进行更改,并且它们必须保留逗号。
总之: ?category=1,2,3 有效,而 ?category=1%2C2%2C3 则无效。
如何防止逗号被编码?
编辑以解决评论,经过简化,但给出了要点:
<form method="get" action="something.php">
<input type="hidden" name="category" value="1,2,3">
<input type="submit">
</form>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
“让它停止”的问题在于编码是 HTTP 标准的一部分 - 你“不应该”让它停止,因为它是 HTTP 构建基础的一部分。 RFC2396 描述了 URI 中允许和不允许的字符:
因此,当使用 GET 提交表单时,用户代理将根据此规范对值进行编码。
您的解决方案在于
更改表单以使用POST方法,将php中对
$_GET的引用更改为$_POST调用 urldecode (docs) 在使用数据之前 (
$_GET['my_value'] = urldecode($_GET['my_value']);)使用元素数组将其作为数组提交到服务器
在 PHP 端,
$_GET['myElement']将等于array(1,2,3)The problem with "making it stop" is that the encoding is a part of HTTP standards - you "shouldn't want" to make it stop since it is a part of the very basis upon which HTTP is built. RFC2396 describes which characters are allowed and not allowed in a URI:
Because of this fact, when using GET to submit a form, the user agent will encode the values according to this specification.
Your solution lies in either
Change the form to use the POST method, change references to
$_GETinto$_POSTin phpCall urldecode (docs) on the data before using it (
$_GET['my_value'] = urldecode($_GET['my_value']);)Use element arrays to submit this as an array to the server
On PHP side,
$_GET['myElement']will be equal toarray(1,2,3)使用Javascript手动编码查询字符串?虽然有点丑,但看起来这是唯一的选择。
Use Javascript to manually encode the query string? A bit ugly, but it looks like it is the only option.
创建 3 个具有相同名称“类别”和不同值 1、2 和 3 的隐藏字段。
Create 3 hidden fields with the same name "category" and a different value 1, 2 and 3.
不要阻止编码,而是考虑在收到字符串时对其进行解码。这是一个示例(使用 java):
public class Encoden { public static void main(String[] args) { String encodedValue; String value = "a, b, c"; String unencodedValue; try { encodedValue = URLEncoder.encode(value, "UTF-8"); } catch (UnsupportedEncodingException exception) { encodedValue = null; System.out.print("encoding exception: "); System.out.println(exception.getMessage()); } try { unencodedValue = URLDecoder.decode(encodedValue, "UTF-8"); } catch (UnsupportedEncodingException exception) { unencodedValue = null; System.out.print("decoding exception: "); System.out.println(exception.getMessage()); } System.out.print("Original: "); System.out.println(value); System.out.print("Encoded: "); System.out.println(encodedValue); System.out.print("Decoded: "); System.out.println(unencodedValue); } }我刚刚注意到 php 标签。虽然我不懂 php,但我确信它有一种方法来编码和解码 HTML 字符串值。
编辑:
根据注释,尝试渲染 CDATA 块内隐藏的值。我不知道这是否有效,只是把它扔在那里。下面是一个示例:
Instead of preventing encoding, consider decoding the string when you receive it. Here is an example (using java):
public class Encoden { public static void main(String[] args) { String encodedValue; String value = "a, b, c"; String unencodedValue; try { encodedValue = URLEncoder.encode(value, "UTF-8"); } catch (UnsupportedEncodingException exception) { encodedValue = null; System.out.print("encoding exception: "); System.out.println(exception.getMessage()); } try { unencodedValue = URLDecoder.decode(encodedValue, "UTF-8"); } catch (UnsupportedEncodingException exception) { unencodedValue = null; System.out.print("decoding exception: "); System.out.println(exception.getMessage()); } System.out.print("Original: "); System.out.println(value); System.out.print("Encoded: "); System.out.println(encodedValue); System.out.print("Decoded: "); System.out.println(unencodedValue); } }I just noticed the php tag. While I dont know php, I'm certain that it will have a means to encode and decode HTML string values.
Edit:
Based on comments, try rendering the value of the hidden inside a CDATA block. I have no idea if this will work, just throwing it out there. Here is an example:
<input type="hidden" name="blam" value="<![CDATA[1, 2, 3]]>"/>